 Load Balancer-as-a-Service and Firewall-as-a-Service

The NSX LBaaS and FWaaS services use the standard OpenStack API, except that they require routed-insertion extension support.

The main differences between the NSX implementation and the community reference implementation of these services are:

  1. The NSX LBaaS and FWaaS plug-ins require the routed-insertion extension, which adds the router_id attribute to the VIP (Virtual IP address) and firewall resources and binds these services to a logical router.

  2. The community reference implementation of LBaaS supports only a one-arm model, which restricts the VIP to the same subnet as the back-end servers. The NSX LBaaS plug-in supports only a two-arm model for north-south traffic, which means that you can create the VIP on only the external (physical) network.

  3. The community reference implementation of FWaaS applies firewall rules to all logical routers in a tenant, while the NSX FWaaS plug-in applies firewall rules only to one logical router according to the router_id of the firewall entity.

 

Procedure 7.6. To configure Load Balancer-as-a-Service and Firewall-as-a-Service with NSX:

  1. Edit the /etc/neutron/neutron.conf file:

    core_plugin = neutron.plugins.vmware.plugin.NsxServicePlugin
    # Note: comment out service_plugins. LBaaS and FWaaS are supported by the core_plugin NsxServicePlugin
    # service_plugins = 

  2. Edit the /etc/neutron/plugins/vmware/nsx.ini file:

    In addition to the original NSX configuration, the default_l3_gw_service_uuid is required for the NSX Advanced plug-in and you must add a vcns section:

    [DEFAULT]
    nsx_password = admin
    nsx_user = admin
    nsx_controllers = 10.37.1.137:443
    default_l3_gw_service_uuid = aae63e9b-2e4e-4efe-81a1-92cf32e308bf
    default_tz_uuid = 2702f27a-869a-49d1-8781-09331a0f6b9e

    [vcns]
    # VSM management URL
    manager_uri = https://10.24.106.219

    # VSM admin user name
    user = admin

    # VSM admin password
    password = default

    # UUID of a logical switch on NSX which has physical network connectivity (currently using bridge transport type)
    external_network = f2c023cf-76e2-4625-869b-d0dabcfcc638

    # ID of deployment_container on VSM. Optional, if not specified, a default global deployment container is used
    # deployment_container_id =

    # task_status_check_interval configures status check interval for vCNS asynchronous API. Default is 2000 msec.
    # task_status_check_interval =
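
A check for the two files edited in this procedure, as an added example that is not part of the original guide or of the NSX plug-in: it confirms the settings the steps require and reports the sample passwords (admin, default) if they were left in place. The names check_nsx_services, is_uuid and parse, the treatment of the sample passwords as placeholders, and the https test on manager_uri are assumptions of this example.

```python
import configparser
import uuid

REQUIRED_PLUGIN = "neutron.plugins.vmware.plugin.NsxServicePlugin"
# Assumption: the passwords in the page's sample are placeholders to replace.
SAMPLE_PASSWORDS = {"admin", "default"}

def is_uuid(value):
    try:
        return bool(uuid.UUID(value))
    except ValueError:
        return False

def parse(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp

def check_nsx_services(neutron_conf, nsx_ini):
    """Return findings for the two files edited in Procedure 7.6."""
    n, x, out = parse(neutron_conf), parse(nsx_ini), []
    if n.get("DEFAULT", "core_plugin", fallback="") != REQUIRED_PLUGIN:
        out.append("core_plugin is not NsxServicePlugin")
    if n.has_option("DEFAULT", "service_plugins"):
        out.append("service_plugins is set; it should be commented out")
    # A missing [vcns] section shows up as missing vcns.* keys below.
    if not x.get("vcns", "manager_uri", fallback="").startswith("https://"):
        out.append("vcns.manager_uri missing or not an https URL")
    for sect, key in (("DEFAULT", "default_l3_gw_service_uuid"),
                      ("vcns", "external_network")):
        if not is_uuid(x.get(sect, key, fallback="")):
            out.append(f"{sect}.{key} missing or not a UUID")
    for sect, key in (("DEFAULT", "nsx_password"), ("vcns", "password")):
        if x.get(sect, key, fallback="") in SAMPLE_PASSWORDS:
            out.append(f"{sect}.{key} still has a sample value")
    return out

# Constructed inputs: the page's sample values, reduced to the checked keys.
NEUTRON_CONF = """[DEFAULT]
core_plugin = neutron.plugins.vmware.plugin.NsxServicePlugin
# service_plugins =
"""
NSX_INI = """[DEFAULT]
nsx_password = admin
default_l3_gw_service_uuid = aae63e9b-2e4e-4efe-81a1-92cf32e308bf
[vcns]
manager_uri = https://10.24.106.219
password = default
external_network = f2c023cf-76e2-4625-869b-d0dabcfcc638
"""
```

Run against the sample values above, check_nsx_services(NEUTRON_CONF, NSX_INI) reports only the two passwords; every other setting from the procedure passes.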